path: root/archivers/unarj/patches/patch-ad
$NetBSD: patch-ad,v 1.1 2005/01/21 14:42:10 wiz Exp $

--- unarj.c.orig	2002-06-05 12:28:06.000000000 +0200
+++ unarj.c
@@ -213,7 +213,7 @@ static uchar  arj_flags;
 static short  method;
 static uint   file_mode;
 static ulong  time_stamp;
-static short  entry_pos;
+static ushort entry_pos;
 static ushort host_data;
 static uchar  *get_ptr;
 static UCRC   file_crc;
@@ -231,6 +231,8 @@ static UCRC   crctable[UCHAR_MAX + 1];
 
 /* Functions */
 
+void copy_path_relative(char *dest, char *src, size_t len);
+
 static void
 make_crctable()
 {
@@ -604,6 +606,7 @@ char *name;
         error(M_BADHEADR, "");
 
     crc = CRC_MASK;
+    memset(header, 0, sizeof(header));
     fread_crc(header, (int) headersize, fd);
     header_crc = fget_crc(fd);
     if ((crc ^ CRC_MASK) != header_crc)
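Review bot: The added `memset(header, 0, sizeof(header));` has no comment explaining why the buffer must be cleared before each read, and the reason is not visible in this hunk. The next hunk treats part of `header` as a C string (`hdr_filename`), so the zero fill is what supplies a terminator when the archive does not. I would add `/* zero first: string fields parsed from header must hit a NUL even if the archive omits one */` above the call. This only helps while `headersize` is smaller than `sizeof(header)`; the check that presumably bounds `headersize` sits above the context shown here.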
@@ -628,9 +631,13 @@ char *name;
 
     if (origsize < 0 || compsize < 0)
         error(M_HEADRCRC, "");
+    if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
+        error(M_BADHEADR, "");
 
     hdr_filename = (char *)&header[first_hdr_size];
     strncopy(filename, hdr_filename, sizeof(filename));
+    if(entry_pos >= strlen(filename))
+        error(M_BADHEADR, "");
     if (host_os != OS)
         strparity((uchar *)filename);
     if ((arj_flags & PATHSYM_FLAG) != 0)
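Review bot: The new `first_hdr_size > headersize-2` test bounds only where the filename starts; nothing in this hunk verifies that a NUL occurs before `header + headersize`. Any later `strlen(hdr_filename)` outside the hunk would then still depend on the earlier memset and on the buffer being larger than `headersize`. An explicit `if (memchr(hdr_filename, '\0', headersize - first_hdr_size) == NULL) error(M_BADHEADR, "");` after the assignment would make the guarantee independent of buffer sizing. Writing the comparison as `first_hdr_size + 2 > headersize` would also avoid relying on how `headersize-2` promotes when `headersize` is below 2; its declaration is not visible here. The enclosing function begins and ends outside the hunk.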
@@ -727,11 +734,11 @@ extract()
 
     no_output = 0;
     if (command == 'E')
-        strcpy(name, &filename[entry_pos]);
+        copy_path_relative(name, &filename[entry_pos], sizeof(name));
     else
     {
         strcpy(name, DEFAULT_DIR);
-        strcat(name, filename);
+        copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
     }
 
     if (host_os != OS)
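Review bot: `copy_path_relative` returns void, so both call sites silently accept whatever it does with an over-long or unsafe name. Its definition is not in this patch, so its truncation and NUL-termination behaviour, and whether it strips a leading `/` or `..` components, cannot be confirmed from here. If it truncates, the file may be written under a different name than the archive lists; returning a status and calling `error(...)` on failure would be safer. The remaining `strcpy(name, DEFAULT_DIR);` is safe only while `DEFAULT_DIR` fits in `name` with room to spare, which deserves a comment such as `/* DEFAULT_DIR is a short compile-time constant; must stay well below sizeof(name) */`. `extract()` continues outside the hunk.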